SEARCH RESULTS
 
Showing 1-10 of 31 records
 

PrincipalPermissionAttribute and Static ctor Leads to DoS

2007-12-03 09:03:00 by Keith Brown in Security Briefs
 
I recently heard a colleague lamenting that he was having difficulty using PrincipalPermissionAttribute at the class level in a certain scenario under WCF. I recommended caution in my guidebook, because of the nasty type load exception that you can run into if the first request to the class is denied by the attribute. Be careful about using this...
 
 
 
 
 

Is there a "silver bullet" to IT Compliance Management?

2007-12-06 13:12:00 by Ryan Shopp in practical risk management
Is there a "silver bullet" to IT Compliance Management by: Ryan Shopp A few times I've found myself getting confused or having trouble explaining the relationships between policies, standards, controls, audits, etc when answering questions about IT Compliance & Risk Management? I came across a great two part thread in my blog reader that...
 
 
 
 
 

A Blast from the Past: CEP at Stanford,1998-2003

2008-07-07 19:20:21 by Tim Bass in The Complex Event Processing Blog
 
Courtesy of Complex Event Processing at Stanford Complex event processing (CEP) is a new technology. It can be applied to extracting and analyzing information from any kind of distributed message-based system. It is developed from the Rapide concepts of (1) causal event modeling, (2) event patterns and pattern matching, and (3) event pattern...
 
 
 
 
 

My QA = TA Post Sparked a Debate

2007-02-16 09:20:00 by Jomni in Risk Management Quant
 
I knew this was coming. Posting a link to my previous blog entry in a quants forum sparked a heated debate. See what very intelligent people have to say about the merits of quantitative analysis and technical analysis. Some even pointed out that TA has more realistic models than QA. Link to the QA vs. TA thread Tags: quant technical analysis...
 
 
 
 
 

Security is Everybody's Job

2007-09-18 00:00:00 by Jamie Barnett in Speaking of Security, the RSA Blog and Podcast
 
It was blasphemy at the time. At the 2007 RSA Conference in San Francisco, our President, Art Coviello, made the claim that the standalone security market was not long for this world. Some in the audience must have thought he was Looney Tunes, making a claim like that at a longtime venue dedicated to all things security. In my role driving...
 
 
 
 
 

Book Review: The Pragmatic CSO

2008-01-02 15:24:45 by RSnake in ha.ckers.org web application security lab
 
When I saw Mike Rothman's name on the San Diego ISSA meeting speaker list, I tried to be the first person in the room. Yes, there were more technical talks I could have attended, but why would I want to? If you have never seen or talked to Mike, he is gruff, funny, and knowledgeable about security. I consider Mike to be a friend, so it wasn't a...
 
 
 
 
 

Diminutive XSS Worm Replication Contest

2008-01-04 16:28:08 by RSnake in ha.ckers.org web application security lab
 
For those of you who are familiar with the RSA diminutive munitions project from ages ago, back when it was illegal to export certain crypto systems, and the diminutive PERL contests, I've enacted a similar contest to write a diminutive self replicating XSS worm (with a non-dangerous payload). The diminutive XSS worm replication contest is a week...
 
 
 
 
 

Blue Box #70: 2-yr Anniversary show, VoIP security vulnerabilities, Vonage, Comcast, phishing, listener comments and much, much more...

2007-11-07 21:52:53 by HASH0x89e6354 in Blue Box: The VoIP Security Podcast
 
Synopsis: Blue Box #70: 2-yr Anniversary show, VoIP security vulnerabilities, Vonage, Comcast, phishing, listener comments and much, much more. Welcome to Blue Box: The VoIP Security Podcast #70, a 51-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions. Download the show here (MP3, 21MB) or subscribe to...
 
 
 
 
 

Blue Box #70: 2-yr Anniversary show, VoIP security vulnerabilities, Vonage, Comcast, phishing, listener comments and much, much more...

2007-11-07 22:52:27 by Dan York in Blue Box: The VoIP Security Podcast
 
Synopsis: Blue Box #70: 2-yr Anniversary show, VoIP security vulnerabilities, Vonage, Comcast, phishing, listener comments and much, much more. Welcome to Blue Box: The VoIP Security Podcast #70, a 51-minute podcast from Dan York and Jonathan Zar covering VoIP security news, comments and opinions. Download the show here (MP3, 21MB) or subscribe to...